Detecting Byzantine Attacks Without Clean Reference
We consider an amplify-and-forward relay network composed of a source, two
relays, and a destination. In this network, the two relays are untrusted in the
sense that they may perform Byzantine attacks by forwarding altered symbols to
the destination. Note that every symbol received by the destination may be
altered, and hence no clean reference observation is available to the
destination. For this network, we identify a large family of Byzantine attacks
that can be detected in the physical layer. We further investigate how the
channel conditions impact the detection against this family of attacks. In
particular, we prove that all Byzantine attacks in this family can be detected
with asymptotically small miss detection and false alarm probabilities by using
a sufficiently large number of channel observations if and only if the
network satisfies a non-manipulability condition. No pre-shared secret or
secret transmission is needed for the detection of these attacks, demonstrating
the value of this physical-layer security technique for counteracting Byzantine
attacks. Comment: 16 pages, 7 figures, accepted to appear on IEEE Transactions on
Information Forensics and Security, July 201
Bankrupt Covert Channel: Turning Network Predictability into Vulnerability
Recent years have seen a surge in the number of data leaks despite aggressive
information-containment measures deployed by cloud providers. When attackers
acquire sensitive data in a secure cloud environment, covert communication
channels are a key tool to exfiltrate the data to the outside world. While the
bulk of prior work focused on covert channels within a single CPU, they require
the spy (transmitter) and the receiver to share the CPU, which might be
difficult to achieve in a cloud environment with hundreds or thousands of
machines.
This work presents Bankrupt, a high-rate highly clandestine channel that
enables covert communication between the spy and the receiver running on
different nodes in an RDMA network. In Bankrupt, the spy communicates with the
receiver by issuing RDMA network packets to a private memory region allocated
to it on a different machine (an intermediary). The receiver similarly
allocates a separate memory region on the same intermediary, also accessed via
RDMA. By steering RDMA packets to a specific set of remote memory addresses,
the spy causes deep queuing at one memory bank, which is the finest addressable
internal unit of main memory. This exposes a timing channel that the receiver
can listen on by issuing probe packets to addresses mapped to the same bank but
in its own private memory region. Bankrupt channel delivers 74Kb/s throughput
in CloudLab's public cloud while remaining undetectable to the existing
monitoring capabilities, such as CPU and NIC performance counters. Comment: Published in WOOT 2020 co-located with USENIX Security 202
CHERI Macaroons: Efficient, host-based access control for cyber-physical systems
Cyber-Physical Systems (CPS) often rely on network boundary defence as a primary means of access control; therefore, the compromise of one device threatens the security of all devices within the boundary. Resource and real-time constraints, tight hardware/software coupling, and decades-long service lifetimes complicate efforts for more robust, host-based access control mechanisms. Distributed capability systems provide opportunities for restoring access control to resource-owning devices; however, such a protection model requires a capability-based architecture for CPS devices as well as task compartmentalisation to be effective.
This paper demonstrates hardware enforcement of network bearer tokens using an efficient translation between CHERI (Capability Hardware Enhanced RISC Instructions) architectural capabilities and Macaroon network tokens. While this method appears to generalise to any network-based access control problem, we specifically consider CPS, as our method is well-suited for controlling resources in the physical domain. We demonstrate the method in a distributed robotics application and in a hierarchical industrial control application, and discuss our plans to evaluate and extend the method. Gates Cambridge Scholarshi
Physical detection of misbehavior in relay systems with unreliable channel state information
We study the detection of misbehavior in a Gaussian relay system, where the source transmits information to the destination with the assistance of an amplify-and-forward relay node subject to unreliable channel state information (CSI). The relay node may be potentially malicious and corrupt the network by forwarding garbled information. In this situation, misleading feedback may take place, since reliable CSI is unavailable at the source and/or the destination. By classifying the action of the relay as detectable or undetectable, we propose a novel approach that is capable of coping with any malicious attack detected and continuing to work effectively in the presence of unreliable CSI. We demonstrate that the detectable class of attacks can be successfully detected with a high probability. Meanwhile, the undetectable class of attacks does not affect the performance improvements that are achievable by cooperative diversity, even though such an attack may fool the proposed detection approach. We also extend the method to deal with the case in which there is no direct link between the source and the destination. The effectiveness of the proposed approach has been validated by numerical results
Development of a Security-Focused Multi-Channel Communication Protocol and Associated Quality of Secure Service (QoSS) Metrics
The threat of eavesdropping and the challenge of recognizing and correcting for corrupted or suppressed information in communication systems are consistent challenges. Effectively managing protection mechanisms requires an ability to accurately gauge the likelihood or severity of a threat, and adapt the security features available in a system to mitigate the threat. This research focuses on the design and development of a security-focused communication protocol at the session-layer based on a re-prioritized communication architecture model and associated metrics. From a probabilistic model that considers data leakage and data corruption as surrogates for breaches of confidentiality and integrity, a set of metrics allows the direct and repeatable quantification of the security available in single- or multi-channel networks. The quantification of security is based directly upon the probabilities that adversarial listeners and malicious disruptors are able to gain access to or change the original message. Fragmenting data across multiple channels demonstrates potential improvements to confidentiality, while duplication improves the integrity of the data against disruptions. Finally, the model and metrics are exercised in simulation. The ultimate goal is to minimize the information available to adversaries
QoS Provision for Wireless Sensor Networks
Wireless sensor networks are a fast-growing area of research, receiving attention not only within the computer science and electrical engineering communities, but also in relation to network optimization, scheduling, risk and reliability analysis within industrial and system engineering. The availability of micro-sensors and low-power wireless communications will enable the deployment of densely distributed sensor/actuator networks. The integration of such systems plays a critical role in many facets of human life, ranging from intelligent assistants in hospitals to manufacturing processes, to rescue agents in large-scale disaster response, to sensor networks tracking environmental phenomena, and others.
The sensor nodes will perform significant signal processing, computation, and network self-configuration to achieve scalable, secure, robust and long-lived networks. More specifically, sensor nodes will do local processing to reduce energy costs, and key exchanges to ensure robust communications. These requirements pose interesting challenges for networking research. The most important technical challenge arises from the development of an integrated system which is 1) energy efficient, because the system must be long-lived and operate without manual intervention, and 2) reliable for data communication and robust to attackers, because information security and system robustness are important in sensitive applications, such as military.
Based on the above challenges, this dissertation provides Quality of Service (QoS) implementation and evaluation for wireless sensor networks. It includes the following 3 modules: 1) energy-efficient routing, 2) energy-efficient coverage, 3) communication security. Energy-efficient routing combines the features of minimum energy consumption routing protocols with minimum computational cost routing protocols. Energy-efficient coverage provides on-demand sensing and measurement. Information security needs a security key exchange scheme to ensure reliable and robust communication links. QoS evaluation metrics and results are presented based on the above requirements